there are ways of masking your ip, whether through web anonymizer software or even having a router/firewall setup. many people have attempted to create programs which can produce the geographical location of an ip but the best anyone has come up with is "a pretty good guess." as stated before, most attacks come from compromised systems, so even tracing the source of the problem isn't really tracing the source of the problem, but that certainly doesn't stop people from trying.
computer forensics refers to recovering data from a machine. when you first delete a file and it appears in your recycle bin, you really didn't move the file to the recycle bin at all. the information about the file actually goes to a hidden folder while the file itself (on your hard drive) doesn't go anywhere. even when you empty the recycle bin, the file itself still doesn't go anywhere; your system simply removes the entry, to indicate that the space once occupied by the file is no longer needed and is now available for any other data. unless you've had heavy disk activity since deleting something, whatever you've deleted is perfectly recoverable. the way people make sure their data is not recoverable is by repeatedly over-writing their hard drive with junk data. unfortunately, recovering data is beyond the tools provided by windows, although both free and commercial software to perform the task are an online search away.
the task manager is a useful tool; it allows you to kill non-responsive programs, see what processes are running (even the hidden ones), and monitor your computer's performance. the more popular method of accessing this is via ctrl+alt+del, although i prefer ctrl+shift+esc myself (it's geekier or something). processes/programs that are running cannot hide from the task manager, but then again they can if they're using one of the existing processes to run. go ahead and open it up and click the "processes" tab to take a look at what is running. it is not entirely uncommon to see multiple instances of the same process. if you are ever paranoid that something might be running that shouldn't be (or you're being monitored at work), you can end the process here; however, you want to be careful what process you end as it could cause your system to become non-responsive. the following is a list of core processes that you should always leave running:
i wonder what would happen if a virus was named one of these…hmm.
within your control panel is the "user accounts" icon. here you can set up a different user name for each person who uses your computer, and it allows each user to have their own personalized settings. there isn't a whole lot you can do here aside from changing your password, which is pretty much useless anyway. in older versions of windows, all that you had to do to bypass the login screen password was hit the esc key. that's about as redundant as password protecting your screen saver, when all anybody has to do is simply reboot the computer and the screen saver goes away. with xp, your password is a little more secure, but just a little.
if you have trouble thinking up passwords, windows can automatically generate one for you (but then you'd probably have to write it down, which can lead to other problems). at the command-line just type "net user account_name /random" where account_name is the name of your account. if you don't have an administrative account or you've lost your password, just reboot windows and as soon as the text appears on the screen press and hold down the f8 key; continue holding the key until you see the startup options displayed. select "safe mode" and press enter. look at what we have here: a default hidden administrative account that (by default) requires no password to go in and edit whatever our heart desires. *shakes head*
cracking passwords isn't as easy as finding where they're stored (c:\winnt\system32\config\sam) and then figuring out how to un-encrypt them. windows keeps that file locked while it's running, so to get at it you boot up using an alternate operating system, preferably one that runs off a cd like knoppix or windows pe, and read the same file from there. encryption is a very complex thing, and some algorithms are theoretically "one-way": it's not possible to reverse the result back to its original form, even though encrypting the same word over and over again will always produce the same result. so basically, cracking passwords is still (in a lot of cases) just a matter of guessing. two-way encryptions use a "seed" or a key to reverse the procedure.
one of the most popular methods of guess-cracking is to create a little script that pulls words out of a dictionary, have it try different variations of each word, etc. by viewing the source code of a web page for example as we previously discussed, you can see how the login is being processed, which could allow you to create your own login file pointing at the website's processing page. to prevent people from doing this, a lot of sites will restrict the number of logon attempts you're allowed in a given period of time, or they will add what is called a turing test. a popular turing test is when you see an image with numbers and letters written on it and it asks you to type what you see as part of the verification process. the idea is they're trying to prove that you're a human and not a robot. some robots can read images, but not easily; other robots avoid the image altogether and simply focus on the "id" that the website passes to itself to verify what's on the image. it's that whole robots vs humans thing again.
if you don't feel that windows' password protection is good enough, you can use your pc's setup program (or bios [basic input/output system]) to require a password to boot up the computer (note: this is not a part of windows). to access the setup screen, restart your computer and when the first screen comes up (it disappears fast so be quick about it) it should say something along the lines of "press <f2> to enter setup." once you're in the main menu, look for the "security" or "power-on password" or "user password" section; it really depends on the manufacturer of your hardware. when you find it, enter your password of choice but type very carefully as resetting a system password is no easy task. you may need to apply a setup password before it lets you enter a user password.
this is a far more secure method of protecting your data; the only problem is that you have to completely shut down every time you're not using your computer. bypassing the system password can be done by opening your pc case and having a little hardware/wiring knowledge (just unplug the battery and plug it back in to reset cmos [complementary metal oxide semiconductor]), which is one of the reasons that they make cases with locks on them.
the bios (in a nutshell) is software that is installed directly on hardware (whether it is the motherboard, video card, etc) at the time of manufacturing. the bios contains all of the code needed to boot up your computer, display the monitor, control the keyboard, etc. in other words, everything that your computer does before you install an operating system (like windows) is controlled by the bios. aside from setting a password, you can also change the bootup sequence in bios to make it appear as if a computer can't find an operating system to start hehehee.
to manage or set up user/group permissions, certain tools may be available depending on what version of xp you're running. go to start > run, and attempt to run any of the following tools: compmgmt.msc (computer management), lusrmgr.msc (local user manager), secpol.msc (security policy), or gpedit.msc (group policy editor). if you're using xp home edition, then chances are you may be stuck using alternative methods. setting up permissions for different users allows you to specify what they can or cannot do, or even create scripts to run each time they log on. policy files are stored within a hidden folder located in "c:\winnt\system32\grouppolicy." setting permissions can be done by chmoding folders as discussed in chapter 6, or you can use the registry. for example, to restrict users from running specific applications, open regedit and go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
in the right pane, you can create a new dword value named "DisallowRun" and give it the value of 1 to enable application restrictions. then in the left pane, create a new key (or sub-folder) by right-clicking the explorer folder and give this new folder the name "DisallowRun" as well. for every application you want to restrict, create a new string value in the right pane (inside the "DisallowRun" folder) named with consecutive numbers (1, 2, 3, etc) and containing the name of the restricted application (such as cmd.exe) as its value. using the exact same instructions but substituting the name "RestrictRun" for "DisallowRun", you can say "i only want these applications to run" as opposed to "i don't want these applications to run." obviously, you want to be careful not to apply these rules to yourself (especially disabling access to regedit) or you may not be able to undo them. when someone attempts to run a restricted application, they will get a message implying that it was restricted intentionally. no more solitaire! also, type cacls /? at the command line to see how to set file permissions from there.
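the same steps as one batch script, added here and not taken from the book: it sets the DisallowRun switch and list with reg.exe for the current user, and an "audit" mode reads the policy back so you can check what an account is actually blocked from running. sol.exe as the blocked program, and the audit/undo arguments, are my assumptions.

```batch
@echo off
rem added example, not from the original text: applies the DisallowRun
rem policy described above with reg.exe for the current user, then reads
rem it back so you can see exactly what is blocked.
rem assumption: run it while logged on as the account you want to restrict
rem (the policy lives under HKCU), never from your own admin account.
setlocal enabledelayedexpansion

set "POL=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

if /i "%~1"=="audit" goto :audit
if /i "%~1"=="undo"  goto :undo

rem --- apply: turn on the switch, then list the blocked programs as 1, 2, 3 ---
rem sol.exe (solitaire) is an assumed example. adding cmd.exe, the author's
rem example, also blocks double-clicking this very script, so the undo would
rem then have to come from an unrestricted account.
reg add "%POL%" /v DisallowRun /t REG_DWORD /d 1 /f >nul
set N=0
for %%E in (sol.exe) do (
    set /a N+=1
    reg add "%POL%\DisallowRun" /v !N! /t REG_SZ /d "%%E" /f >nul
)
echo applied DisallowRun for %N% program(s); log off and back on for explorer to enforce it.
rem swapping DisallowRun for RestrictRun turns this into an allow-list; an
rem incomplete list then blocks everything not named, regedit.exe included.
goto :audit

:undo
rem --- remove the switch and the whole list; regedit.exe was never listed ---
reg delete "%POL%" /v DisallowRun /f >nul 2>&1
reg delete "%POL%\DisallowRun" /f >nul 2>&1
echo DisallowRun policy removed.

:audit
rem --- read back: is the switch set, and which names are listed? ---
echo.
echo switch:
reg query "%POL%" /v DisallowRun 2>nul || echo   (not set)
echo blocked list:
reg query "%POL%\DisallowRun" 2>nul || echo   (no list)
endlocal
```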
while we're here (in the registry) navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion and look at the values "RegisteredOwner" and "RegisteredOrganization".
modifying these values allows you to change your windows registration info (which is seen when you double-click the "system" icon in your control panel). go inform the neighbors that they stole your computer, and you can prove it.
back on topic… some routers actually provide the ability to limit the usage of a particular computer on the network, allowing you to restrict when somebody can use the internet and when they can't. we'll talk more about routers in the following chapter, but for now there is an alternative way you can control what time of the day/night a particular username can sign on (although once they're logged in, there is no way to force them to log out unless you're on a network). for example, if you wanted someone to only be allowed to log in on weekdays from 5 pm to 7 pm, you could type the following in the command line: "net user username /times:m-f,5pm-7pm"
firewalls are a good thing. xp comes with a firewall that is enabled by default with sp2. to make sure, you can double-click "network connections" in your control panel, then right-click on your internet connection to select "properties" followed by the "advanced" tab at the top. assuming you've got the latest windows updates, then you also have access to "windows firewall" as well as "security center" within your control panel.